Depending on where you live, you have rights to access, correct, delete, or restrict how Roblox uses your data, and to opt out of data sales or targeted advertising. You can exercise these rights through Roblox's Privacy Portal or by emailing privacy@roblox.com.
This analysis describes what Roblox's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision consolidates the data rights available to users under GDPR, CCPA, and other applicable laws into a single framework and provides the mechanism for exercising them.
The updated policy restricts personalized advertising based on age. Users under 18 will see only nonpersonalized ads on the platform, while users 18 and older may see personalized ads if they provide…
The updated policy adds explicit language disclosing that Roblox collects persistent identifiers (IP addresses and unique device identifiers) from all users, including children, for purposes includin…
The updated policy clarifies that parent email addresses constitute the only personal information collected from child accounts under COPPA, rather than listing persistent identifiers. The policy now…
Users in the EU, UK, California, and other jurisdictions with applicable privacy laws can request access to, correction of, or deletion of their personal data by submitting a request at https://www.roblox.com/privacy or emailing privacy@roblox.com; Roblox states it will respond within legally required timeframes.
How other platforms handle this
This Agreement will be governed by and construed in accordance with the laws of the Province of Ontario and the federal laws of Canada applicable therein, without regard to conflict of law principles. Each party irrevocably submits to the exclusive jurisdiction of the courts of Ontario, Canada for t...
These Terms shall be governed by and construed in accordance with the laws of the State of California, without regard to its conflict of law principles. Any disputes not subject to arbitration shall be brought exclusively in the state or federal courts located in San Francisco County, California.
These Terms shall be governed by and construed in accordance with the laws of the State of New York, without regard to its conflict of laws provisions. Any disputes arising out of or relating to these Terms or the Services shall be subject to the exclusive jurisdiction of the state and federal court...
Monitoring
Roblox has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Depending on where you live, you may have certain rights regarding your personal information. These may include the right to access, correct, delete, or restrict the processing of your personal information, the right to data portability, the right to object to processing, and the right to opt out of the sale or sharing of your personal information, or the use of your personal information for targeted advertising. To exercise these rights, you may submit a request through our Privacy Portal at https://www.roblox.com/privacy or by contacting us at privacy@roblox.com. We will respond to your request within the timeframe required by applicable law.— Excerpt from Roblox's Roblox Privacy and Cookie Policy
(1) REGULATORY LANDSCAPE: This provision engages GDPR Articles 15-21 (access, rectification, erasure, restriction, portability, objection), UK GDPR, CCPA/CPRA (access, deletion, correction, portability, opt-out of sale/sharing), and analogous rights under Virginia CDPA, Colorado CPA, Connecticut CTDPA, and Texas TDPSA. Enforcement authorities include the European Data Protection Authorities, the UK ICO, the California Privacy Protection Agency, and state attorneys general. (2) GOVERNANCE IMPLICATIONS: The policy commits to responding within legally required timeframes but does not specify response timelines (GDPR requires response within 30 days extendable to 90 days; CCPA requires 45 days extendable to 90 days); compliance teams should ensure that intake and response workflows are calibrated to the shortest applicable deadline. The single Privacy Portal serving multiple jurisdictions requires that the intake process accurately identifies the user's jurisdiction and routes requests to the appropriate legal framework. (3) JURISDICTION FLAGS: EU/EEA users have the broadest rights under GDPR including the right to object to legitimate interest processing; California users have opt-out rights for sale and sharing; Illinois users retain BIPA rights separately. (4) CONTRACT AND VENDOR IMPLICATIONS: Data deletion requests create downstream obligations to notify processors and sub-processors; vendor agreements should include provisions requiring timely deletion or restriction of data in response to data subject requests. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should verify that the Privacy Portal correctly identifies and routes requests by jurisdiction; confirm response-time tracking and escalation workflows are in place; assess whether identity verification procedures for data requests are proportionate and not unduly burdensome as cautioned by GDPR guidance; and test deletion workflows end-to-end including sub-processor notification.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision consolidates the data rights available to users under GDPR, CCPA, and other applicable laws into a single framework and provides the mechanism for exercising them.
Users in the EU, UK, California, and other jurisdictions with applicable privacy laws can request access to, correction of, or deletion of their personal data by submitting a request at https://www.roblox.com/privacy or emailing privacy@roblox.com; Roblox states it will respond within legally required timeframes.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Roblox.